package com.zwz.shiro;

import java.util.List;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.CollectionUtils;

/**
 * 重写roles权限and换成or
 * 2015年12月27日 下午5:33:00
 * @author zhangwanzhong 
 */
public class MyRolesAuthorizationFilter extends MyAuthorizationFilter {
	
	
	/**
	 * 角色权限or
	 */
	@Override
	protected boolean isAccessAllowed(ServletRequest request,
			ServletResponse response, Object mappedValue) throws Exception {
		Subject subject = getSubject(request, response);
		String[] rolesArray = (String[]) mappedValue;

		if (rolesArray == null || rolesArray.length == 0) {
			// no roles specified, so nothing to check - allow access.
			return false;
		}
		List<String> roles = CollectionUtils.asList(rolesArray);
		boolean[] hasRoles = subject.hasRoles(roles);
		for (boolean hasRole : hasRoles) {
			if (hasRole) {
				return true;
			}
		}
		return false;
	}

}
